
Developer's Reading List

March 13, 2012. The best books to recently roll off the presses cover malware analysis, test automation, C#, and programming your home.

Practical Malware Analysis

Michael Sikorski and Andrew Honig
No Starch Press
The subtitle of this 750-page volume claims that it’s the hands-on guide to dissecting malicious software. That description perfectly encapsulates the book’s contents, which carefully guide you through the process of breaking open, dissecting, and understanding the parts of various malware samples. It covers the full gamut of nefarious software, from viruses to rootkits to key loggers. The authors, who, judging by the careful sequencing of the information and the lucid writing, appear to have taught this material more than once, explain the tools you’ll need in great depth, including important topics such as how to set up a virtual machine for malware analysis. They then work through chapters on getting around malware's defensive measures, such as special packers, anti-disassembly, and anti-debugging techniques, which are used by attackers to make it difficult to analyze the type of carnage the malware is going to cause.

Once you get to the actual malware executable bits, the authors explain how to do the disassembly, what to look for, and how to detect patterns that indicate specific symptoms of infection and venues for attack.

If you're not up to speed on x86 assembly language, the book thoughtfully includes a tutorial that presents "just what you need to know," as well as the assembly tools that let you walk the code to identify its activities. Because malware typically looks for specific openings, a deep understanding of assembler is not needed to follow along. That does not, however, prevent the authors from getting into a deep explanation of kernel debugging (for Windows) and how it’s used to watch the action unfold.

The explanation of the tools is clear, the presentation of the process is lucid, and the actual detective work is fascinating. All of it is presented clearly and pitched at just the right level, so that developers with no previous experience in this particular area can participate fully. Highly recommended. — A. Binstock
